diff options
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Social.pm | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm index f4ef7defe..8ac44c14d 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm @@ -200,11 +200,29 @@ sub oidc_sign_in : Private { sub oidc_callback: Path('/auth/OIDC') : Args(0) { my ( $self, $c ) = @_; - $c->detach('oauth_failure') if $c->get_param('error'); - $c->detach('/page_error_400_bad_request', []) unless $c->get_param('code'); - my $oidc = $c->forward('oidc'); + if ($c->get_param('error')) { + my $error_desc = $c->get_param('error_description'); + my $password_reset_uri = $c->cobrand->feature('oidc_login')->{password_reset_uri}; + if ($password_reset_uri && $error_desc =~ /^AADB2C90118:/) { + my $url = $oidc->uri_to_redirect( + uri => $password_reset_uri, + redirect_uri => $c->uri_for('/auth/OIDC'), + scope => 'openid', + state => 'test', + extra => { + response_mode => 'form_post', + }, + ); + $c->res->redirect($url); + $c->detach; + } else { + $c->detach('oauth_failure'); + } + } + $c->detach('/page_error_400_bad_request', []) unless $c->get_param('code'); + my $id_token; eval { $id_token = $oidc->get_access_token( |